Page 31 - BOSS Today Issue 20
PROTECT & SURVIVE

How can the risk of incurring fines for breaches of Data Protection be minimised?

“Data protection systems are not keeping pace with developments in IT and working styles.”

Big Numbers

Since April 2010, the Information Commission has had a hugely increased power to impose fines on companies responsible for breaches of the Data Protection Act 1998. The maximum fine is £500,000 and the Commission has not been slow in using this new power, which should make everyone think more carefully about many aspects of their internal data systems, both in regard to their employees and customers.

Local Authorities have suffered the biggest fines, no doubt partly because they deal with very sensitive issues around abused children and other vulnerable individuals. Hertfordshire, Islington and Aberdeen Councils, for example, have each been fined £100,000 for system errors that have produced serious leaks. The Bank of Scotland, which repeatedly sent confidential customer information - including payslips, bank statements and mortgage applications - to the incorrect recipients, were fined £75,000. A4e, which lost information on thousands of clients who had sought legal advice after an unencrypted laptop was stolen, was fined £60,000.

Are You Protected?

Reading these cases, certain patterns start to emerge. Instances of unencrypted laptops being stolen when used outside the office, and home workers unwittingly loading confidential data onto websites, seem to suggest that data protection systems are not keeping pace with developments in IT and working styles. Do you have a policy on home workers’ use of all the myriad types of mobile storage and transmission of information, via laptops, tablets and mobile phones? And if so, does it include systems to ensure that confidential information is protected?

The Data Protection Act protects personal information: that means that the e-mail address of an individual at a client company is protected. Any jobs that require you to work with data relating to individual consumers will also carry some risk: do you know whether anyone downloads that information onto a USB stick to work on from home? Do you have safeguards in place? How is information about your employees’ health stored, and could it be accessed by unauthorised persons?

Act Fast

A small money-lending company responsible for a leak of information about individual customers which occurred when an unencrypted laptop was stolen received a fine of only £5,000. The company’s size may have had something to do with it, but it is worth noting that three important factors were taken into consideration: the laptop was at least password-protected, there hadn’t been any actual access to the information gained, and the company had voluntarily reported the incident to the Commission.

So if you take immediate action on discovering such an incident, and can point to protective systems already being in place, you will be able to get some way towards pacifying the Information Commissioner.

FOR FURTHER INFORMATION CONTACT THE BOSS LEGAL TEAM ON 0845 450 1565
December 2013/January 2014 | BOSS TODAY 31